Search form

Search form

The encryption and security technology used by global banking firms, hospitals and corporations to protect their data is no match for U.S. intelligence, according to documents that say the National Security Agency has successfully breached even the most advanced safeguards. According to a joint reporting effort by ProPublica, The New York Times and The Guardian, since 2000, the NSA has invested billions into undermining Internet security technology by embedding vulnerabilities into emerging standards, among other things.

Related Summaries

The National Security Agency has released two families of encryption algorithms, known as block ciphers, to improve security via RFID. The ciphers have been named SIMON and SPECK, and are available free of charge as part of the effort to improve security for the Internet of Things. The lightweight block ciphers are designed for smaller, faster mobile devices than traditional block ciphers.

For almost three years, the National Security Agency has been examining the e-mail logs and phone calls of American citizens to gain insights into foreign intelligence, The New York Times reports, citing interviews with government officials and newly disclosed documents. "All data queries must include a foreign intelligence justification, period," an NSA spokeswoman said. "All of NSA's work has a foreign intelligence purpose. Our activities are centered on counterterrorism, counterproliferation and cybersecurity." Meanwhile, Microsoft reported getting more than 37,000 requests for online user data from law enforcement agencies around the world during the first half of 2013.

The disclosures by Edward Snowden regarding U.S. intelligence agencies' data-collection practices are giving a boost to some in the tech industry, including IT-security services and products such as encryption technology. "Our value proposition had been that it's a wild world out there, [and] while doing business internationally you need to protect yourself," said Jon Callas, co-founder of encryption provider Silent Circle.

Court documents indicate that the National Security Agency breached privacy rules between 2006 and 2009 in conducting phone-record database searches that did not meet the reasonable-suspicion standard. The intelligence agency says the activity was not deliberate and was due to a lack of technical knowledge of the record system in use. Separately, the National Institute of Standards and Technology is denying that the NSA went around its encryption algorithms in an effort to lock down electronic communications.

The National Security Agency has found ways to easily crack commonly used encryption tools, allowing intelligence officials to break open protected e-mails and to access trade secrets and financial and medical records, according to leaked documents. The NSA uses a combination of cracking tools, covert attacks and back-door access provided by encryption-tool developers to access information. "Now we learn that the foundation of Web security has been compromised," said computer security expert Mikko Hypponen of F-Secure.